Scanning Open Ports in Windows: A Quick Guide

When troubleshooting client or server side application network connectivity issues, it is often necessary to determine if access to a certain port that the application uses is being blocked. In this article we’ll take a quick look at how to view open ports using a number of lightweight freeware tools for Microsoft Windows. You might just be surprised at how effective these free utilities are at helping you to scan open ports and get to the root of the problem.

NetStat.exe

The first tool of note is one many admin and support folk might have heard of; the Windows command line utility called netstat.exe. Netstat.exe, located in the Windows ‘System32’ folder, allows you to view ports that are open or in use on a particular host, but should not be confused with a network port scanner which actually probes a host for open ports.

To view which ports are listening (open) on a local host using netstat, from the command prompt type the following:

netstat –an ¦find /i “listening”

The results will be displayed across four columns – the protocol type, local IP address and associated port number, foreign IP address, and state – as shown in the image below. The column of interest in this case would be the second column.

By using the ‘o’ parameter as part of the netstat command, a fifth column will be displayed as part of the results. This column shows the application process ID (PID) associated with each open port. The full command would be as follows:

netstat –ano ¦find /i “listening”

Using Task Manager to find which application is using the open port

The PID information can be used to find which application is using the open port. For example, the image above shows PID 156 being associated with port 17500. By using Windows Task Manager (CTRL + SHIFT + ESC), we can see that PID 156 belongs to the application called Dropbox.exe.

Tasklist.exe allows you to find the application using the open port from the command prompt

The same thing can be done using tasklist.exe from the command prompt which is essentially the command line equivalent of the Windows Task Manager that will display the same information. Again, the column of interest in the results for tasklist.exe would be column two which shows the PID for each running application. Using both versions you can display other information such as the user account that the application is running under.

For a full list of parameters and further information, type “netstat /?” or “tasklist /?” in a command prompt.

TCPView.exe

Similar to netstat.exe is TCPView.exe which offers a more detailed representation of netstat.exe information in a graphical user interface (GUI). TCPView.exe is available for download from the Microsoft SysInternals website and runs as a standalone application that does not require installation. Using TCPView, not only can you scan open ports but you can also view local and remote TCP connection information such as packets sent and received, the protocol being used, as well as the initiating process.

PortQry.exe

Another really interesting tool to be aware of is PortQry.exe. PortQry.exe is available for download from the Microsoft Download Center and runs as a standalone command line application.

PortQry.exe allows you to scan open ports on a local or remote host. Once you have downloaded and extracted portqry.exe to your machine, open a command prompt, and type portqry.exe followed by a given parameter from the folder that contains the executable.

For example, typing “portqry.exe –local” will show TCP/UDP port usage for the local host. The information shown when using this parameter is similar to that of netstat.exe, however it also shows port statistics such as the number of port mappings and the number of ports in each state.

To view the TCP/UDP open port state of a remote host, type “portqry.exe –n[hostname/IP]” where [hostname/IP] is replaced with the hostname or IP address of the remote host. You can also specify to scan for a particular port using the “-e [port_number]” parameter, a particular range of ports using the “-r [start_range:end_range]” parameter, or a group of ports in a particular order using the “-o [port1, port2, port3]” parameter.

The image below shows portqry.exe being using to scan for “listening” ports on a remote host with an IP address of 192.168.0.7 and a port range of 150-160.

For a full list of parameters and further information, type “portqry.exe /?”.

Conclusion

This article has shown you how to scan open ports using a series of freeware utilities. These utilities will come in handy as part of troubleshooting network connectivity issues, forming part of your network auditing toolkit or contributing towards your vulnerability checks.

The ability to scan open ports using such utilities is a great thing to have. It can be useful to troubleshoot network issues and is also a critical aspect of the overall network security scanning strategy.

Like our blog posts, surveys and infographics? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

About the Author: Andrew Tabona

Andrew has over 10 years experience in Quality Assurance, Incident Management, and Pre- and Post-Sales Technical Support roles, as well as recent specialization in Digital Forensics and E-Discovery. He has contributed to several blogs and worked on various technical writing projects for multiple organizations, as well as being invited to be a regular guest lecturer and speaker at a top UK university.

5 Comments

Shane March 16, 2012 at 5:12 pm

what about nmap?? And thanks for the post, didn’t know about portqry.exe.

J. Paul March 19, 2012 at 10:59 am

Thanks for the guide. I’ve been using mainly the SysInternals thingy and am quite pleased with it. These tools are all so simple and with no fluffs but they are exactly what an admin needs. All these tools with nice GUI that take all the RAM can’t compare with the efficiency of these simple tools.

Jerome Paulines March 19, 2012 at 2:01 pm

Be careful about using the Tcpview.exe command. This is because it will do its work even without you knowing it is doing the work. In short, it can function even without your permission, which for me is a ground for a malicious program just like viruses and spywares do. My latest anti-virus program (a paid program that is) alarmed me about it. Although it’s a useful tool, I just hope its next version can be tamed a little bit.

Andrew Zammit Tabona March 29, 2012 at 8:26 pm

Shane – Thanks for your feedback and for sharing. Nmap is a great little utility! It falls beyond the scope I had in mind for this article (hence why I didn’t include it), but nonetheless I would highly recommend people check it out.

J. Paul – Thanks for your feedback. Glad you found the article useful. I agree, some tools out there are memory hogs. Like you, I prefer it when things are kept simple!

Jerome Paulines – I’m a big fan of the SysInternals suite of tools, but I’ve also found in the past that some AVs can pick them up as Malware/Trojans – usually a result of a false positive by the AV or because the utilities use a programming function similar to what a real piece of Malware/Trojan would use.